What We’re Talking to Clients About
Cyber Threats and Crime Coverage
We frequently talk about cybercrime as a threat to private information – customer records, credit card numbers, payroll data, etc. But monetary theft is also a huge cyber-related exposure, and it’s not typically covered under a Cyber Liability policy. Consider two possible scenarios that our clients have experienced in recent weeks:
- Hacker gains access to a company’s email and successfully initiates a $750k+ wire transfer to an overseas account
- Scammer pretending to be a company executive successfully directs a controller to wire $75k to an overseas account
While these both have the same result (company money stolen based on unauthorized instructions), they’re different types of claims, and different coverages apply to each of them. Scenario 1 is typically called Funds Transfer Fraud, and it can usually be covered on a standard Crime policy. Scenario 2 is often called Social Engineering Fraud, and it is covered only by an endorsement to either a Crime policy or a Cyber Liability policy.
Cyber and Crime policies differ significantly by carrier, so it’s important for us to jointly review the risks that you’re concerned about and make sure your policy covers you appropriately.
Additional Insured Status
Our clients are diligent about collecting certificates from their vendors and subcontractors, which is always helpful at audit time. (Side note – if you ever need help with this, just give us a call!). But if you require additional insured status, it’s important to keep in mind that certificates aren’t enough in the event of a claim – you must also have a written contract that clarifies who is responsible for what risk, and specifying who is an additional insured.
Open enrollment season is coming up for our Employee Benefits clients. This is an opportunity to connect with employees on an individual level to understand what’s important to them and how they value their benefits. For many of our clients, it’s also an opportunity to upgrade the enrollment process by utilizing user-friendly technology to educate and enroll employees.
Our thoughts go out to our clients in the Southeast who have been affected by Hurricanes Florence and Michael. As always, if we can be of assistance, please don’t hesitate to reach out.
What We’re Reading
Document your internal policies and processes regarding wires and ACH transfers. Work with your bank to ensure they have the right security protocols to verify any wire instruction before executing it.